Allowing guest of hospitality establishment to utilize multiple guest devices to access network service

ABSTRACT

Network traffic, including a device identifier, is received from an unrecognized guest device on a computer network of a hospitality establishment. A user profile server is queried to determine a user identifier that is associated with the device identifier of the guest device. A properly management system is queried to determine whether the user identifier is associated with a current guest of the hospitality establishment, and, when yes, to determine a guest area registered to the current guest. A login database is queried to find an unexpired login record of an authorized guest device associated with the guest area, the unexpired login record granting the authorized guest device access to the network service for an allowed access duration. The unrecognized guest device is automatically granted access to the network service for a remaining portion of the allowed access duration of the unexpired login record.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.16/295,265 filed Mar. 7, 2019, which is a continuation of U.S. patentapplication Ser. No. 15/964,337 filed Apr. 27, 2018, which is acontinuation of U.S. patent application Ser. No. 15/431,885 filed Feb.14, 2017, which is a continuation of U.S. patent application Ser. No.13/611,069 filed Sep. 12, 2012, which claims the benefit of CanadianPatent Application No. 2,788,573 filed Sep. 6, 2012. Each of theseapplications is incorporated herein by reference.

BACKGROUND OF THE INVENTION (1) Field of the Invention

The invention pertains generally to controlling access to a networkservice provided over a computer network of a hospitality establishment.More specifically, the invention relates to allowing a guest of thehospitality establishment to access the network service from multipleguest devices.

(2) Description of the Related Art

Hospitality establishments such as hotels and resorts often provide highspeed Internet access (HSIA) to guests. A guest typically connects aguest device to the hotel's computer network, either through a physicalcable such as Ethernet or a wireless connection such as Wi-Fi™, andopens a web browser to access a website on the Internet. Instead ofallowing guest devices immediate access to the Internet, a controlsystem at the hotel acts as a captive portal and requires the guest tofirst log in at a predetermined login portal. To this end, a gateway orfirewall controlling access between the local area network (LAN) of thehotel and the Internet includes a default rule that causes unauthorizedguest devices to display the login portal in the web browser.

At the login portal the guest signs up for Internet access. When theguest is an individual staying at the hotel, the guest enters their roomnumber and other personal details, selects a desired bandwidth level andother options such as access duration etc., provides paymentinformation, and performs other actions such as agreeing to terms andconditions. The control system only authorizes the guest device toaccess the Internet after the guest has successfully completed the loginprocess at the login portal. By the control system adding to thefirewall a device-specific rule that allows data to flow between theInternet and the unique media access control (MAC) address of theauthorized guest device, only guest devices from which guests of thehotel have properly logged in at the login portal are provided HSIA.

Guests often bring more than one personal electronic device with themwhen they travel. For example, a guest may bring a laptop computer, amobile phone, and a tablet computer; and may expect each to receiveInternet access while at the hospitality establishment. With many simplehotel Internet control systems, the guest will need to complete the fullsign-up procedure at the login portal on each of their personal devicesto gain Internet access. This is both troublesome to the guest and mayresult in billing the same guest multiple times, e.g., chargingseparately for each of their devices.

More sophisticated hotel Internet control systems attempt to solve themulti-device problem for individual guests by providing a button labeled“Already purchased?” on the homepage of the hotel's login portal. When aguest clicks this button the login portal brings up an overlay screenallowing the guest to enter their last name and room number to confirmthey have already purchased an HSIA package. The login portal searchesthe billing records to determine whether the last name and room numberentered by the guest at the login portal match the billing records foran already purchased Internet package. When yes, the new guest device isprovided Internet access without rebilling or requiring further paymentinformation from the guest at the login portal. In some deployments, theguest needs to have already purchased a higher-priced Internet packageat the hotel to enable this multi-device capability. For example, a“Premium” HSIA package may be up to four times faster than a “Standard”package and may include support for up to three guest devices.

However, some guests are poor typists and may misspell their last name,and other guests may deliberately enter fake names due to privacyconcerns when signing up for Internet access over a hotel's wirelessnetwork, for example. If the guest spells their last name differentlywhen first purchasing HSIA access than when subsequently trying to login an additional device, the inconsistent name spellings will preventthe guest from logging in the additional device for free. In anotherexample, two individuals with different last names may be sharing ahotel room. In this case, one guest may be blocked from logging in anadditional device for free if they misspell the other guest's last nameas it was entered during the initial login process. Although problemsinvolving an additional device being blocked from free login due to namemisspellings are often solvable by the guest retrying with the correctspelling, there are certain situations where the assistance of hoteltechnical support staff is required. For example, the guest may simplynot remember what name (or spelling) was utilized during the initialpurchase.

Furthermore, some user devices brought to hotels are unable to be loggedin at a web-based login portal because the devices either do not includeweb browsing technology or do not permit the guest to access the loginportal. Examples of guest devices that do not include web browsingtechnology include standalone teleconferencing webcam appliances,routers, Internet Protocol (IP) telephones, and other IP-enabled devicesthat lack a user interface capable of displaying the login portal orallowing the guest to enter the required login information. Examples ofguest devices that do not permit the guest to access the login portalinclude locked-down corporate and military laptops and equipmentconfigured to only connect with a designated destination such as a fixedserver address accessed via a company or military virtual privatenetwork (VPN). In order for a guest to connect one of these devices tothe Internet as a free additional device added on to their alreadypurchased account, they will need to contact hotel technical supportstaff to have the device manually cleared through the firewall.

Requiring guests to contact support staff both increases the supportcosts of the hospitality establishment's HSIA service and negativelyimpacts the guest experience. It would be desirable if the Internetaccess control system did not solely rely on verifying informationentered by the guest at a web-based login portal in order to determinethat an unrecognized guest device is actually an additional device of aguest who has already purchased an Internet package.

BRIEF SUMMARY OF THE INVENTION

According to an exemplary embodiment of the invention, during a login bya new guest at the login portal, a guest identifier such as the loyaltynumber of the current guest registered for the room identified duringthe login process is requested by the login portal from hotel's propertymanagement system (PMS). The retrieved guest identifier is stored in theguest's primary login record when it is created, and reflects the firsttime the guest has logged in to the hotel's Internet system, forexample, the guest who made the initial purchase. Upon the same guestthereafter utilizing a different guest device at the hotel, the systemdetects the room associated with the new device to be the same room asthe primary login and compares the stored guest identifier of theprimary login with a current guest identifier representing the guestcurrently registered for the room as retrieved from the hotel's PMS.When there is a match, the system knows that the room is still in use bythe same guest and automatically treats the new guest device as anadditional device, namely, the guest device is automatically givenInternet access and the user is optionally presented with an additionaldevice welcome screen rather than the screens for the regular sign-upprocedure. Alternatively, when there is not a match, the system knowsthat the room is now being utilized by a new guest and thereforepresents the regular sign-up procedure to the new guest. In other words,when a subsequent guest later checks in to the room and tries to connectto the Internet from their personal device, the login portal detects theroom number and queries the PMS for the current guest identifier of theguest currently registered for that room. Because the current guestidentifier of the current guest as specified in the PMS no longermatches that stored with the primary login record (from the previousguest), the login request is treated as a primary login request and thenew guest must perform the full sign-up procedure in order to login.

An advantage of the above embodiment is that the system does not solelyrely on verifying information retrieved from an unrecognized guestdevice at a web-based login portal. Instead, a stored guest identifierretrieved from the PMS at the time of the original purchase is comparedwith a current guest identifier retrieved from the PMS at the time theunrecognized guest device is detected on the network. When the guest ofthe room is the same, the stored guest identifier will match the currentguest identifier; when the guests are not the same, the stored guestidentifier will not match the current guest identifier. This helps toprevent problems caused by the guest entering inconsistent informationbetween the initial sign-on process and when later adding an additionaldevice. Furthermore, although the process of this embodiment supportsthe guest entering their last name and room number at the login portalas a way to verify the guest and identify the guest room associated withthe unrecognized guest device, this is not a requirement and the processcan also be transparent to the guest device without requiring the guestdevice to access the hotel's login portal before gaining Internetaccess. A guest device not capable of logging in at the login portal cantherefore be automatically logged in as an additional device of anexisting login record.

According to an exemplary embodiment of the invention a method ofcontrolling access to a network service provided over a computer networkof a hospitality establishment is disclosed. The method includesreceiving network traffic from a guest device on the computer network,wherein the guest device is operated by a guest of the hospitalityestablishment and is not already authorized to access the networkservice. The method further includes identifying, according to thenetwork traffic, a guest area of the hospitality establishment withwhich the guest device is associated, and querying a login database tofind an unexpired login for the guest area. The unexpired loginindicates that another guest device associated with the guest area haspreviously been granted access to the network service and that anallowed access duration for the other guest device has not yet expired.The unexpired login specifies a stored guest identifier corresponding toinformation retrieved from a property management system of thehospitality establishment regarding a guest of the guest area at a timewhen the unexpired login was created. The method includes comparing thestored guest identifier of the unexpired login with a current guestidentifier of the guest area, wherein the current guest identifiercorresponds to information retrieved from the property management systemregarding a current guest of the guest area. The method further includesautomatically allowing the guest device to access the network servicefor a remaining portion of the allowed access duration of the unexpiredlogin when the stored guest identifier matches the current guestidentifier.

According to another exemplary embodiment of the invention there isdisclosed a tangible computer-readable medium comprising computerexecutable instructions that when executed by a computer cause thecomputer to perform the above method.

According to another exemplary embodiment of the invention there isdisclosed an apparatus for controlling access to a network serviceprovided over a computer network of a hospitality establishment. Theapparatus includes a network interface coupled to the computer network,a login database storing therein a plurality of logins of guest devicesassociated with different guest areas that are already authorized toaccess the network service of the hospitality establishment, and one ormore processors coupled to the network interface and the database. Theone or more processors are operable to receive, via the networkinterface, network traffic from a guest device on the computer network,wherein the guest device is operated by a guest of the hospitalityestablishment and is not already authorized to access the networkservice. The one or more processors are further operable to identify,according to the network traffic, a guest area of the hospitalityestablishment with which the guest device is associated, and query thelogin database to find an unexpired login for the guest area. Theunexpired login indicates that another guest device associated with theguest area has previously been granted access to the network service andthat an allowed access duration for the other guest device has not yetexpired. The unexpired login specifies a stored guest identifiercorresponding to information retrieved from a property management systemof the hospitality establishment regarding a guest of the guest area ata time when the unexpired login was created. The one or more processorsare further operable to compare the stored guest identifier of theunexpired login with a current guest identifier of the guest area;wherein the current guest identifier corresponds to informationretrieved from the property management system regarding a current guestof the guest area. The one or more processors are further operable toautomatically reconfigure one or more network components of the computernetwork to thereby allow the guest device to access the network servicefor a remaining portion of the allowed access duration of the unexpiredlogin when the stored guest identifier matches the current guestidentifier.

According to another exemplary embodiment of the invention there isdisclosed an apparatus for controlling access to a network serviceprovided over a computer network of a hospitality establishment. Theapparatus includes means for receiving network traffic from a guestdevice on the computer network, wherein the guest device is operated bya guest of the hospitality establishment and is not already authorizedto access the network service. The apparatus further includes means foridentifying, according to the network traffic, a guest area of thehospitality establishment with which the guest device is associated, andmeans for determining whether an unexpired login exists for the guestarea. The unexpired login indicates that another guest device associatedwith the guest area has previously been granted access to the networkservice and that an allowed access duration for the other guest devicehas not yet expired. The unexpired login specifies a stored guestidentifier corresponding to information retrieved from a propertymanagement system of the hospitality establishment regarding a guest ofthe guest area at a time when the unexpired login was created. Theapparatus further includes means for comparing the stored guestidentifier of the unexpired login with a current guest identifier of theguest area when the unexpired login exists for the guest area, whereinthe current guest identifier corresponds to information retrieved fromthe property management system regarding a current guest of the guestarea. The apparatus further includes means for automatically allowingthe guest device to access the network service for a remaining portionof the allowed access duration of the unexpired login when the storedguest identifier matches the current guest identifier.

According to another exemplary embodiment of the invention there isdisclosed a method of controlling access to a network service providedover a computer network of a hospitality establishment. The methodincludes receiving network traffic from a guest device on the computernetwork, wherein the guest device is operated by a guest of thehospitality establishment and is not already authorized to access thenetwork service; and identifying, according to the network traffic, aguest area of the hospitality establishment with which the guest deviceis associated, wherein the guest area is one of a plurality ofphysically separate areas provided by the hospitality establishment. Themethod further includes querying a login database to find an unexpiredlogin for the guest area, the unexpired login indicating that anotherguest device associated with the guest area has previously been grantedaccess to the network service and that an allowed access duration forthe other guest device has not yet expired; and counting a total numberof guest devices that are associated with the unexpired login. Themethod further includes automatically allowing the guest device toaccess the network service for a remaining portion of the allowed accessduration of the unexpired login when the total number of guest deviceshas not already reached a predetermined allowable number of devices; andwhen the total number of guest devices has already reached thepredetermined allowable number of devices, causing the guest device todisplay a billing screen giving an option to increase the predeterminedallowable number of additional devices for a monetary charge.

According to another exemplary embodiment of the invention there isdisclosed a non-transitory tangible computer-readable medium comprisingcomputer executable instructions that when executed by a computer causethe computer to perform a method of controlling access to a networkservice provided over a computer network of a hospitality establishment.The method includes receiving network traffic from a guest device on thecomputer network, wherein the guest device is operated by a guest of thehospitality establishment and is not already authorized to access thenetwork service; and identifying, according to the network traffic, aguest area of the hospitality establishment with which the guest deviceis associated, wherein the guest area is one of a plurality ofphysically separate areas provided by the hospitality establishment. Themethod further includes querying a login database to find an unexpiredlogin for the guest area, the unexpired login indicating that anotherguest device associated with the guest area has previously been grantedaccess to the network service and that an allowed access duration forthe other guest device has not yet expired; and counting a total numberof guest devices that are associated with the unexpired login. Themethod further includes automatically allowing the guest device toaccess the network service for a remaining portion of the allowed accessduration of the unexpired login when the total number of guest deviceshas not already reached a predetermined allowable number of devices; andwhen the total number of guest devices has already reached thepredetermined allowable number of devices, causing the guest device todisplay a billing screen giving an option to increase the predeterminedallowable number of additional devices for a monetary charge.

According to another exemplary embodiment of the invention there isdisclosed an apparatus for controlling access to a network serviceprovided over a computer network of a hospitality establishment. Theapparatus includes a network interface coupled to the computer network;a storage device storing a login database of a plurality of logins ofguest devices that are already authorized to access the network service;and one or more processors coupled to the network interface and thestorage device. The one or more processors are operable to receive, viathe network interface, network traffic from a guest device on thecomputer network, wherein the guest device is operated by a guest of thehospitality establishment and is not already authorized to access thenetwork service; and identify, according to the network traffic, a guestarea of the hospitality establishment with which the guest device isassociated, wherein the guest area is one of a plurality of physicallyseparate areas provided by the hospitality establishment. The one ormore processors are further operable to query the login database to findan unexpired login for the guest area, the unexpired login indicatingthat another guest device associated with the guest area has previouslybeen granted access to the network service and that an allowed accessduration for the other guest device has not yet expired; and count atotal number of guest devices that are associated with the unexpiredlogin. The one or more processors are further operable to automaticallyreconfigure one or more network components of the computer network tothereby allow the guest device to access the network service for aremaining portion of the allowed access duration of the unexpired loginwhen the total number of guest devices has not already reached apredetermined allowable number of devices; and when the total number ofguest devices has already reached the predetermined allowable number ofdevices, cause the guest device to display a billing screen giving anoption to increase the predetermined allowable number of additionaldevices for a monetary charge.

According to an exemplary embodiment of the invention there is disclosedan apparatus for controlling access to a network service provided over acomputer network of a hospitality establishment. The apparatus includesa network interface coupled to the computer network, a storage device,and one or more processors coupled to the network interface and thestorage device. By the one or more processors executing softwareinstructions loaded from the storage device, the one or more processorsare configured to receive first network traffic from a first guestdevice on the computer network and determine a guest area of thehospitality establishment that is associated with the first guestdevice. The guest area is one of a plurality of physically separateareas provided by the hospitality establishment, and assignment of theguest area for guest usage is managed by a property management system(PMS) of the hospitality establishment. The one or more processors arefurther configured to query a login database to determine that there isno unexpired login record for the guest area at a time the first networktraffic is received, require the first guest device to successfullycomplete a login process at a login portal before granting the firstguest device access to the network service, and query the propertymanagement system (PMS) of the hospitality establishment to retrieve afirst guest identifier representing a guest registered for the guestarea at a time the login process is successfully completed by the firstguest device. The one or more processors are further configured to storea login record for the guest area in the login database and includingthe first guest identifier in the login record in response to the firstguest device successfully completing the login process, receive secondnetwork traffic from a second guest device on the computer network, anddetermine that the second guest device is associated with the guestarea. The one or more processors are further configured to query thelogin database to determine that an allowed access time of the loginrecord for the guest area has not yet expired at a time the secondnetwork traffic is received, query the property management system (PMS)to retrieve a second guest identifier representing a guest registeredfor the guest area at the time the second network traffic is received,and compare the second guest identifier with the first guest identifier.In response to the second guest identifier not matching the first guestidentifier, the one or more processors require the second guest deviceto successfully complete the login process at the login portal beforegranting the second guest device access to the network service. Inresponse to the second guest identifier matching the first guestidentifier, the one or more processors automatically grant the secondguest device access to the network service for a remaining portion ofthe allowed access duration of the login record without requiring thesecond guest device to successfully complete the login process at thelogin portal.

According to an exemplary embodiment of the invention there is discloseda method of controlling access to a network service provided over acomputer network of a hospitality establishment. The method includesreceiving first network traffic from a first guest device on thecomputer network and determining a guest area of the hospitalityestablishment that is associated with the first guest device. The guestarea is one of a plurality of physically separate areas provided by thehospitality establishment, and assignment of the guest area for guestusage is managed by a property management system (PMS) of thehospitality establishment. The method further includes querying a logindatabase to determine that there is no unexpired login record for theguest area at a time the first network traffic is received; requiringthe first guest device to successfully complete a login process at alogin portal before granting the first guest device access to thenetwork service, querying the property management system (PMS) of thehospitality establishment to retrieve a first guest identifierrepresenting a guest registered for the guest area at a time the loginprocess is successfully completed by the first guest device, and storinga login record for the guest area in the login database and includingthe first guest identifier in the login record in response to the firstguest device successfully completing the login process. The methodfurther includes receiving second network traffic from a second guestdevice on the computer network, determining that the second guest deviceis associated with the guest area, querying the login database todetermine that an allowed access time of the login record for the guestarea has not yet expired at a time the second network traffic isreceived. The method further includes querying the property managementsystem (PMS) to retrieve a second guest identifier representing a guestregistered for the guest area at the time the second network traffic isreceived and comparing the second guest identifier with the first guestidentifier. In response to the second guest identifier not matching thefirst guest identifier, the method further includes requiring the secondguest device to successfully complete the login process at the loginportal before granting the second guest device access to the networkservice. In response to the second guest identifier matching the firstguest identifier, the method further includes automatically granting thesecond guest device access to the network service for a remainingportion of the allowed access duration of the login record withoutrequiring the second guest device to successfully complete the loginprocess at the login portal.

According to an exemplary embodiment of the invention there is discloseda non-transitory processor-readable medium comprising a plurality ofprocessor-executable instructions that when executed by one or moreprocessors cause the one or more processors to perform the steps of theabove method.

According to an exemplary embodiment of the invention there is disclosedan apparatus for controlling access to a network service provided over acomputer network of a hospitality establishment. The apparatus includesa network interface coupled to the computer network, a storage device,and one or more processors coupled to the network interface and thestorage device. By the one or more processors executing softwareinstructions loaded from the storage device, the one or more processorsare configured to receive network traffic from a guest device via thecomputer network, the network traffic including a device identifier ofthe guest device, and determine, based upon the device identifier, thatthe guest device is not already authorized to access the network serviceat a time the network traffic is received, the guest device henceconsidered to be an unrecognized guest device. The one or moreprocessors are further configured to query a user profile server todetermine a user identifier that is associated with the deviceidentifier of the guest device and query the login database to find anunexpired login record of a different authorized guest device associatedwith the user identifier, the unexpired login record granting thedifferent authorized guest device access to the network service for anallowed access duration. The one or more processors are furtherconfigured to automatically grant the unrecognized guest device accessto the network service for a remaining portion of the allowed accessduration of the unexpired login record of the authorized guest device.The unrecognized guest device is automatically granted access to thenetwork service without the device identifier of the unrecognized guestdevice being stored in the login database prior to receiving the networktraffic from the unrecognized guest device.

According to an exemplary embodiment of the invention there is discloseda method of controlling access to a network service provided over acomputer network of a hospitality establishment. The method includesreceiving network traffic from a guest device via the computer network,the network traffic including a device identifier of the guest device,determining, based upon the device identifier, that the guest device isnot already authorized to access the network service at a time thenetwork traffic is received, the guest device hence considered to be anunrecognized guest device, and querying a user profile server todetermine a user identifier that is associated with the deviceidentifier of the guest device. The method further includes querying thelogin database to find an unexpired login record of a differentauthorized guest device associated with the user identifier, theunexpired login record granting the different authorized guest deviceaccess to the network service for an allowed access duration; andautomatically granting the unrecognized guest device access to thenetwork service for a remaining portion of the allowed access durationof the unexpired login record of the authorized guest device. Theunrecognized guest device is automatically granted access to the networkservice without the device identifier of the unrecognized guest devicebeing stored in the login database prior to receiving the networktraffic from the unrecognized guest device.

According to an exemplary embodiment of the invention there is discloseda non-transitory processor-readable medium comprising a plurality ofprocessor-executable instructions that when executed by one or moreprocessors cause the one or more processors to perform steps ofreceiving network traffic from a guest device via a computer network,the network traffic including a device identifier of the guest device,and determining, based upon the device identifier, that the guest deviceis not already authorized to access a network service at a time thenetwork traffic is received, the guest device hence considered to be anunrecognized guest device. The instructions further cause the one ormore processors to perform steps of querying a user profile server todetermine a user identifier that is associated with the deviceidentifier of the guest device and querying the login database to findan unexpired login record of a different authorized guest deviceassociated with the user identifier, the unexpired login record grantingthe different authorized guest device access to the network service foran allowed access duration. The instructions further cause the one ormore processors to perform steps of automatically granting theunrecognized guest device access to the network service for a remainingportion of the allowed access duration of the unexpired login record ofthe authorized guest device. The unrecognized guest device isautomatically granted access to the network service without the deviceidentifier of the unrecognized guest device being stored in the logindatabase prior to receiving the network traffic from the unrecognizedguest device.

According to another exemplary embodiment of the invention there isdisclosed an apparatus for controlling access to a network serviceprovided over a computer network of a hospitality establishment. Theapparatus includes a network interface coupled to the computer network,a storage device, and one or more processors coupled to the networkinterface and the storage device. By the one or more processorsexecuting software instructions loaded from the storage device, the oneor more processors are configured to receive network traffic from aguest device via the computer network, the network traffic including adevice identifier of the guest device. The one or more processors arefurther configured to determine, based upon the device identifier,whether the guest device is already authorized to access the networkservice at a time the network traffic is received and consider the guestdevice to be an unrecognized guest device when the guest device isdetermined to not already be authorized to access the network service.The one or more processors are further configured to query a userprofile server to determine a user identifier that is associated withthe device identifier of the unrecognized guest device, and query aproperty management system (PMS) of the hospitality establishment todetermine whether the user identifier is associated with a current guestof the hospitality establishment, and, when yes, to determine a guestarea registered to the current guest. The one or more processors arefurther configured to query a login database to find an unexpired loginrecord of an authorized guest device associated with the guest area, theunexpired login record granting the authorized guest device access tothe network service for an allowed access duration, wherein a storeddevice identifier in the unexpired login record of the authorized guestdevice is different from the device identifier of the unrecognized guestdevice. The one or more processors are further configured toautomatically grant the unrecognized guest device access to the networkservice for a remaining portion of the allowed access duration of theunexpired login record of the authorized guest device. In this way, theunrecognized guest device is automatically granted access to the networkservice without the device identifier of the unrecognized guest devicebeing stored in the login database prior to receiving the networktraffic from the unrecognized guest device.

According to another exemplary embodiment of the invention there isdisclosed a method of controlling access to a network service providedover a computer network of a hospitality establishment. The methodincludes receiving network traffic from a guest device via the computernetwork, the network traffic including a device identifier of the guestdevice. The method further includes determining, based upon the deviceidentifier, whether the guest device is already authorized to access thenetwork service at a time the network traffic is received andconsidering the guest device to be an unrecognized guest device when theguest device is determined to not already be authorized to access thenetwork service. The method further includes querying a user profileserver to determine a user identifier that is associated with the deviceidentifier of the unrecognized guest device, and querying a propertymanagement system (PMS) of the hospitality establishment to determinewhether the user identifier is associated with a current guest of thehospitality establishment, and, when yes, determining a guest arearegistered to the current guest.

querying a login database to find an unexpired login record of anauthorized guest device associated with the guest area, the unexpiredlogin record granting the authorized guest device access to the networkservice for an allowed access duration, wherein a stored deviceidentifier in the unexpired login record of the authorized guest deviceis different from the device identifier of the unrecognized guestdevice. The method further includes automatically granting theunrecognized guest device access to the network service for a remainingportion of the allowed access duration of the unexpired login record ofthe authorized guest device. In this way, the unrecognized guest deviceis automatically granted access to the network service without thedevice identifier of the unrecognized guest device being stored in thelogin database prior to receiving the network traffic from theunrecognized guest device.

According to another exemplary embodiment of the invention there isdisclosed a non-transitory processor-readable medium comprising aplurality of processor-executable instructions that when executed by oneor more processors cause the one or more processors to perform steps ofreceiving network traffic from a guest device via a computer network ofa hospitality establishment, the network traffic including a deviceidentifier of the guest device; determining, based upon the deviceidentifier, whether the guest device is already authorized to access thenetwork service at a time the network traffic is received andconsidering the guest device to be an unrecognized guest device when theguest device is determined to not already be authorized to access thenetwork service; querying a user profile server to determine a useridentifier that is associated with the device identifier of theunrecognized guest device; querying a property management system (PMS)of the hospitality establishment to determine whether the useridentifier is associated with a current guest of the hospitalityestablishment, and, when yes, determining a guest area registered to thecurrent guest; querying a login database to find an unexpired loginrecord of an authorized guest device associated with the guest area, theunexpired login record granting the authorized guest device access tothe network service for an allowed access duration, wherein a storeddevice identifier in the unexpired login record of the authorized guestdevice is different from the device identifier of the unrecognized guestdevice; and automatically granting the unrecognized guest device accessto the network service for a remaining portion of the allowed accessduration of the unexpired login record of the authorized guest device.In this way, the unrecognized guest device is automatically grantedaccess to the network service without the device identifier of theunrecognized guest device being stored in the login database prior toreceiving the network traffic from the unrecognized guest device.

These and other advantages and embodiments of the present invention willno doubt become apparent to those of ordinary skill in the art afterreading the following detailed description of the preferred embodimentthat is illustrated in the various figures and drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention will be described in greater detail with reference to theaccompanying drawings which represent preferred embodiments thereof,wherein:

FIG. 1 is a block diagram of a system for allowing a guest of ahospitality establishment to access a network service from multipleguest devices according to an exemplary embodiment of the invention;

FIG. 2 is a flowchart showing functionality of the service controller ofFIG. 1 when controlling access to the network service;

FIG. 3 illustrates an exemplary set of login data in the login databaseof FIG. 1, each login record storing a stored guest identifiercorresponding to information retrieved from a property management system(PMS) of the hospitality establishment regarding a guest of the guestarea at a time when the login record was created;

FIG. 4 is a block diagram of a wired portion of the hotel's local areanetwork of FIG. 1;

FIG. 5 is a flowchart describing functionality of the service controllerof FIG. 1 automatically identifying a guest area of the hotel of FIG. 1by performing room detection, which involves tracing network trafficreceived from a guest device to a source access-node of the hotel LANillustrated in FIG. 4;

FIG. 6 illustrates an exemplary network map of the hotel's LAN asutilized in the final step of the flowchart in FIG. 5;

FIG. 7 illustrates a user interface (UI) screen provided by the UImodule and/or the user profile server of FIG. 1 allowing modification ofinformation stored in a user profile database for an exemplary user;

FIG. 8 is a flowchart describing functionality of the service controllerof FIG. 1 automatically identifying a guest area of the hotel of FIG. 1by performing device identifier lookup when receiving network trafficfrom a guest device having a device identifier associated with aparticular user in the user profile database of FIG. 1;

FIG. 9 illustrates an exemplary property management system (PMS)database storing current guest identifiers corresponding to currentguests for each of the guest areas in the hospitality establishment; and

FIG. 10 illustrates an additional guest device login screen provided toa guest device by the UI module of FIG. 1 when allowing a guest deviceto access the network service would exceed a predetermined allowablenumber of guest devices.

DETAILED DESCRIPTION

FIG. 1 is a block diagram of a system 100 for allowing a guest of ahospitality establishment 101 to access a network service from multipleguest devices 102 operated by the guest at the hospitality establishment101 according to an exemplary embodiment of the invention. In thisembodiment, the hospitality establishment 101 is a hotel and the networkservice is high speed Internet access (HSIA) provided to the guestdevices 102 over the hotel's computer network 104.

A service controller 106 is coupled between the hotel's LAN 104 and theInternet 108. The service controller 106 in this embodiment is acomputer server including a first network interface 110 coupled to theInternet 108 and a second network interface 112 coupled to the hotel'sLAN 104. The service controller 106 further includes a module storagedevice 114 and a data storage device 116, and each of the networkinterfaces 110, 112 and storage devices 114, 116 are coupled to one ormore processors 118. In the following description, the plural form ofthe word “processors” is utilized as it is common for a centralprocessing unit (CPU) of a computer server to have multiple processors(sometimes also referred to as cores); however, it is to be understoodthat a single processor may also be configured to perform thebelow-described functionality in other implementations.

The service controller 106 in this embodiment integrates and performs avariety of functions at the hotel 101. To allow the service controller106 to perform these functions, the module storage device 114 storessoftware modules for execution by the processors 118, including acontroller module 120, a user interface (UI) module 122, agateway/firewall module 124, a property management system (PMS) module126, and a dynamic host control protocol (DHCP) module 128.

Briefly described, the controller module 120 controls the ability ofguest devices 102 at the hotel 101 to access the Internet 108 bydynamically reconfiguring the gateway/firewall module 124. The UI module122 acts as a web server providing the hotel's HSIA login portal,allowing both guests and staff at the hotel 101 to receive informationfrom and interact with the service controller 106. The gateway/firewallmodule 124 controls network traffic passed between the Internet 108 andthe hotel LAN 104 and acts as the default gateway of the hotel's LAN104. The PMS module 126 manages property-specific details of the hotel101 such as guest reservations and room assignments. The DHCP module 128assigns dynamic Internet Protocol (IP) addresses and other networkconfiguration information to new guest devices 102 as they are connectedto the hotel's LAN 104.

The data storage device 116 stores data utilized by the processors 118when performing the functions of the various modules 120, 122, 124, 126,128. In this embodiment, the data storage device 116 stores a logindatabase 130 containing details of Internet package purchases by guestsof the hotel staying in various guest areas 150. A reconfigurable set offirewall rules 134 is followed by the gateway/firewall module 124 toprevent Internet access for unauthorized devices according to a defaultrule, and includes dynamically added device-specific exceptions to thedefault rule (i.e., one or more device-specific rules) allowing Internetaccess for specific guest devices 102 operated by guests who havepurchased an Internet package at the hotel 101. A network map 132 storesdetails of how various network components in the hotel's computernetwork 104 are interconnected. Finally, the guest database 136 storesdetails of the current guests, events, and room assignments of the hotel101 in conjunction with the PMS module 126. In this embodiment, one ormore relational database(s) is/are utilized to implement the logindatabase 130 and the guest database 136; however, the term “database” asutilized in this description is meant to refer to any stored collectionof organized data.

The hotel 101 includes a number of guest areas 150, of which a singleguest area 150 is illustrated in FIG. 1 and assumed to be an individualhotel guest room in this description. Although only a single guest area150 is illustrated, the hotel 101 may actually include a plurality ofdifferent guest areas 150 such as physically separated guest rooms.Meeting rooms and conference areas may also be further guest areas inanother example. Logical guest areas 150 may also be employed in otherexamples, and users may remain associated with separate guest areas 150even though the users may be physically able to roam throughout thehospitality establishment 101 (e.g., roam into another guest's room orarea 150).

Generally speaking, an individual guest of the hotel 101 will beassociated with at least one guest area 150; for example, a guest may beassigned to “Guest Room 117” for a two night stay at the hotel 101. Theguest may bring to the hotel 101 several personal electronic devices,referred to as guest devices 102 in this description. For example, theguest staying in the guest area 150 illustrated in FIG. 1 has brought alaptop computer 102 a, a mobile phone 102 b, and a tablet computer 102c. In another embodiment, the guest devices 102 may be provided to theguest by the hospitality establishment 101 rather than being brought tothe hotel by the guest.

For illustration purposes, the laptop computer 102 a in this example isconnected to the hotel's LAN 104 via a wired connection such as anEthernet cable and port provided in the guest's assigned room 150. TheEthernet port in the guest's room 150 is attached to a particular portof a source switch 140. The mobile phone 102 b and the tablet computer102 c in this example are wirelessly connected to the hotel's LAN 104 bythe guest wirelessly associating them with a service set identifier(SSID) broadcast by an access point (AP) 142. The service controller 106(in particular the gateway/firewall module 124 and DHCP module 128),source switch 140, and the AP 142 are examples of network componentsforming the hotel's computer network 104; other network components inLAN 104 such as other switches and other APs are not shown in FIG. 1 forsimplicity purposes.

Concerning the remaining elements illustrated in FIG. 1, a user profileserver 170 providing remote access to a central user profile database172 is coupled to the hotel 101 via the Internet 108. The user profiledatabase 172 stores a plurality of user profiles, each user profileassociating one or more user identifiers such as loyalty program memberidentifiers with one or more guest device identifiers such MACaddresses. The user profile server 170 may further be coupled via theInternet 108 to a plurality of different hospitality establishments suchas other hotels and resorts (not shown).

Various external websites 160 are also shown coupled to the Internet 108in FIG. 1. These external websites 160 represent various web servers onthe Internet 108 that may be accessed by a guest device 102 at the hotel101 only after the HSIA service has been activated for that guest device102, i.e., after the gateway/firewall module 124 has been reconfigured(e.g., firewall rules 134 dynamically modified) by the controller module120 (or another module such as the UI module 122) to add adevice-specific exception rule clearing the MAC address of the guestdevice 102 for Internet 108 access.

FIG. 2 is a flowchart showing functionality of the service controller106 of FIG. 1 when controlling the ability of a guest device 102connected to the hotel's computer network 104 to access to the hotel'sHSIA service according to an exemplary embodiment of the invention. Thesteps of the flowchart of FIG. 2 are not restricted to the exact ordershown, and, in other embodiments, shown steps may be omitted or otherintermediate steps added. In this embodiment, the processors 118 executeone or more of the modules 120, 122, 124, 126, 128 in order to cause theservice controller 106 to perform the illustrated steps.

The process begins at step 200 when the service controller 106 receivesnetwork traffic from an unrecognized guest device 102 on the hotel'scomputer network 104. In some cases, the network traffic is received atthe hotel's web based login portal provided by the UI module 122. Thiscould happen, for example, as a result of the default rule of thefirewall rules 134 redirecting the unrecognized guest device 102 to thelogin portal upon its first website request. However, in otherembodiments, the network traffic need not be web traffic and mayinstead/or in addition be any type of network traffic transmitted on theLAN 104 by the unrecognized guest device 102. For example, in someparticularly advantageous embodiments, the network traffic received atthis step is a dynamic host control protocol (DHCP) message broadcast bythe unrecognized user device when it is first connected to the hotel'scomputer network 104.

Typical guest devices 102 will utilize DHCP to configure themselves forthe hotel LAN 104 upon initial connection (either wired or wireless) byimmediately broadcasting DHCP messages such as DHCP discover/request.The DHCP module 128 (or another DHCP server on the hotel LAN 104)responds to the newly connected user device 102 with DHCPoffer/acknowledgement. These messages pass various network configurationinformation such a dynamic IP address assigned to the guest device 102,a default gateway IP address for use by the user device 102 when sendingnetwork traffic to destinations off a local subnet (set to the IPaddress of the gateway/firewall module 124 in this example), and anetmask setting allowing the user device 102 to determine whichdestination addresses are off the local subnet. Regardless of whetherthe DHCP module 128 (or another DHCP server) is located within orexternal to the service controller 106, because the DHCP messages arebroadcast on the hotel LAN 104, the controller module 120 is able toreceive the DHCP messages.

In yet another embodiment, the network traffic received from anunrecognized user device 102 may be a request to access an externalwebsite 160 on the Internet. Such network traffic will be received bythe default gateway (i.e., gateway/firewall module 124), which willautomatically block the request according to its default rule forunrecognized guest devices 102. Since the gateway/firewall module 124 inthis embodiment is included within the service controller 106, anyrequest from a device on the hotel's LAN 104 to access an externalwebsite 160 will be received at the service controller 106 (e.g., actingas the default gateway for the hotel's LAN). Receiving the networktraffic at the gateway/firewall module 124 does not require redirectingthe unrecognized user device 102 to the login portal provided by the UImodule 122, although this may still occur in some situations such aswhen the service controller 106 cannot automatically identify aparticular guest area 150 that is associated with the unrecognized guestdevice 102 without requiring the user to enter or verify someinformation at the login portal.

Combinations of these and other types of received network traffic mayalso be employed. For example, the controller module 120 may supportreceiving network traffic being a DHCP message from some guest devices102, connection requests for external websites 160 from other guestdevices 102, and data entered by the guest at the hotel's login portalprovided by UI module 122 from yet other guest devices 102.

The unrecognized guest device 102 from which the network traffic isreceived at step 200 is considered unrecognized because it has notalready been granted access to the Internet 108. For example, after aguest has purchased Internet access at the hotel utilizing mobile phone102 b, the mobile phone 102 b device identifier (e.g., MAC or IPaddress) is recorded in the login database 130 along with its associatedguest area 150 of the hotel 101, Internet access expiry time, and otherdetails regarding its service entitlements such as bandwidth and allowednumber of guest devices. After the initial purchase, the mobile phone102 b is considered “logged in” to the hotel's HSIA service and it willbe able to access websites 160 on the Internet 108 until its loginaccess duration expires (e.g., 24 hours after purchase of a packageproviding 1-day of Internet access). After the expiry time is reached,it will be considered “logged out” meaning it will lose Internet accessbecause the rule clearing the mobile phone 102 b for Internet 108 accessis removed from the firewall rules 134. In some embodiments, the loginrecord is removed from the login database 130 by the controller module120 at logout; however, in a preferred embodiment the login record ismoved to an archive database (not shown) to keep a historical record ofpreviously logged in devices in case there is a later dispute of thebilling record and for statistical purposes.

FIG. 3 illustrates an exemplary set of login data for a plurality ofpurchased Internet packages as stored in the login database of FIG. 1.The login data is organized as a database table having one row per guestdevice 102 with data stored in columns. The “Device ID” column 300stores the unique device identifier (e.g., MAC address) of the guestdevice 102. IP addresses assigned to the guest device 102 by the DHCPmodule 128 may also be utilized as the guest device identifier in thiscolumn 300. The “Stored guest ID” column 302 specifies a stored guestidentifier representing the guest of the hospitality establishment 101registered for the guest area (in column 304) as retrieved from the PMSat the time of the purchase. The stored guest identifier in column 302is retrieved from the hotel's PMS database 136 at the time of the loginrecord is created. The “Guest area” column 304 stores the guest area 150to which the row of the login database pertains. The “HSIA expiry”column 306 stores the expiry date and time of the login record. The“Max. bandwidth” column 308 stores the bandwidth entitlement specifiedas a maximum bandwidth cap that will be provided to the guest device 102assuming the hotel's full bandwidth capacity is not at 100% utilization.Finally, the “Allowed guest devices” column 309 specifies the maximumnumber of guest devices 102 that the guest is allowed to utilize undertheir Internet package without incurring an additional monetary charge.The shown columns are meant as an example and other or different columnsof login data may be utilized in different embodiments.

In this example, an unrecognized guest device 102 is any guest device102 on the hotel LAN 104 with a MAC address that does not match a guestdevice identifier stored in column 300 for an unexpired row of the logindatabase 130.

Returning again to the description of FIG. 2, at step 202, thecontroller module 102 identifies a guest area 150 of the hotel 101 withwhich the unrecognized guest device 102 is associated. Thisidentification is done at least in part according to the receivednetwork traffic. In some situations, the network traffic itself includesdata specifying the associated guest area 150, for example, a user mayclick an “Already Purchased?” button on the hotel's web based loginportal provided by the UI module 122 and provide their last name androom number to verify their identify. In this situation, the guest area150 determined at this step according to the received network traffic issimply the room number provided to the login portal by the guest,assuming that the entered name matches that of the current guest stayingin the specified room according to the hotel's PMS database 136. Whenthe guest's identify is thus verified, the login portal simply extractsthe designation of the guest area 150 from within the network trafficand determines the unrecognized user device 102 to be associated withthat designated guest area 150.

In other situations, the network traffic itself may not explicitlydesignate the guest's room number. For example, when the network trafficreceived at step 200 is a DHCP message or a connection request for anexternal website 160, the network traffic will typically not include anyroom number (or other guest area 150 designation) for direct extractionby the controller module 120. In these situations, there are at leasttwo techniques that the controller module 120 can utilize toautomatically identify the guest area 150 with which the unrecognizedguest device is associated according to the received network traffic: 1)room detection and 2) device identifier lookup.

Room Detection

Room detection involves tracing the network traffic received from theunrecognized guest device 102 to a source access-node on the hotel'scomputer network 104, and then looking up the guest area 150 that ismapped to the source access-node in the hotel's network map 132. Thistechnique is particularly well-suited when the unrecognized guest device102 is connected to the hotel's computer network 104 utilizing a wirednetwork connection such as 10/100 Ethernet; however, it may also beemployed in some network layouts when the guest device 102 is connectedvia a wireless connection.

FIGS. 4, 5, and 6 help explain how automatic room detection in step 202is performed assuming the unrecognized user device 102 from which thenetwork traffic is received at step 200 is the guest's laptop computer102 a. FIG. 4 is a block diagram of an example wired portion of thehotel's local area network 104, FIG. 5 is a flowchart describingfunctionality of the controller module 120 automatically identifying aguest area 150 of the hotel of FIG. 1 in response to receiving networktraffic from the laptop computer 102 a over the wired portion of thehotel LAN 104, and FIG. 6 illustrates an exemplary network map of thehotel's LAN as utilized in the final step of the flowchart in FIG. 5.The steps of the flowchart of FIG. 5 are not restricted to the exactorder shown, and, in other embodiments, shown steps may be omitted orother intermediate steps added. In this embodiment, the processors 118execute one or more of the modules 120, 122, 124, 126, 128 in order tocause the service controller 106 to perform the illustrated steps.

As shown in FIG. 4, the hotel's LAN 104 includes a plurality of switches400 where ports 410 of each switch 400 are connected to Ethernet portsavailable in various guest rooms of the hotel 101. For example, eachswitch port 410 may be connected by an Ethernet cable to an in-roomEthernet port. A guest in the exemplary “Guest room 117” connects theirlaptop computer 102 a to the in-room Ethernet port, and network trafficfrom the laptop computer 102 a enters the hotel's computer network 104via “Port 2” of “Switch E”. This point of entry of the network trafficis designated the source access-node for laptop 102 a in thisdescription.

As shown in FIG. 5, the controller module 120 can automaticallydetermine the source access-node for laptop 102 a by querying theswitches 400 (e.g., recursively) to report the port 410 on which thenetwork traffic was received until the source access-node is eventuallyreached.

At step 500, the controller module 120 utilizes simple networkmanagement protocol (SNMP) to query the core switch (e.g., “Switch A”)of the hotel's LAN 104 to find the port that is associated with thedevice identifier (e.g., MAC address or IP address) of the laptop 102 aas specified in the received network traffic. The core switch (e.g.,“Switch A”) will have heard this device identifier in network trafficreceived from “Port 5”. At step 502 the controller module 120 checks thenetwork map 132 (see FIG. 6) to find out that “Port 5” of “Switch A” isconnected to a subsequent “Switch D”. Therefore, at step 504 thecontroller module 120 sends SNMP commands to “Switch D” to find outwhich port of that switch is associated with the MAC (or IP) address ofthe laptop computer 102 a. “Switch D” reports that “Port 6” isassociated with this network traffic and, again according to the networkmap 132, the controller module finds that the destination is anothersubsequent switch (“Switch E”) at step 502. Step 504 is repeated byquerying “Switch E” and finally “Port 2” of this switch is foundassociated with the MAC (or IP) address of the laptop 102 a specified inthe received network traffic. Because this port is not connected to asubsequent switch in the network map 132, the process moves from step502 to step 506. In this way, the controller module determines theunrecognized laptop computer 102 a is associated with “Guest room 117”because this is the destination of “Port 2” of “Switch E” (the sourceaccess-node) in the network map 132 (see row 600 in FIG. 6).

Although the above example of automatic room detection is focused onwired connections through switches 400 of the hotel LAN 104, other typesof network components may also be queried in a similar way. For example,the same process may be utilized at some hospitality establishments 101where each guest area 150 has its own micro-coverage AP 142. In such adesign, each guest area 150 is serviced by its own AP 142 and thereforethe network map 132 can further specify the destination guest area 150served by each AP 142. When network traffic is traced back to a switchport that is connected to a particular AP 142, the unrecognized guestdevice 102 is therefore determined by the controller module 120 to beassociated with the guest area 150 serviced by that particular AP 142.In another example, some APs also support remote queries of whether aspecified MAC address (or IP address) is currently associated therewithand to what SSID. Such APs can also be queried by the controller module120, and the resulting identified SSID mapped to a particular sourceaccess-node such as where each guest area 150 is served by a uniqueSSID.

Device Identifier Lookup

Device identifier lookup involves querying one or more databases todetermine whether the device identifier specified in the network trafficreceived at step 200 can be matched or otherwise cross-referenced to aparticular guest area 150 of the hotel. This technique is employableregardless of the network layout of the hotel LAN 104, and is notdependent on the type of connection between the unrecognized guestdevice and the hotel LAN 104 (e.g., connection can be any type ofwireless or wired connection).

FIGS. 7, 8, and 9 help explain how automatic device identifier lookup instep 202 is performed, again assuming the unrecognized user device 102from which the network traffic is received at step 200 is the guest'slaptop computer 102 a. In this example, the controller module 120queries the user profile server 170 over the Internet 108 to see if aspecific user profile has registered a personal device having a MACaddress matching the MAC address specified in the network trafficreceived at step 200. When there is such a user profile, the controllermodule 120 checks the hotel's guest database 136 (e.g., PMS) to see ifone of the user identifiers associated with that user profile isassociated with a current guest of the hotel 101. When yes, thecontroller module 120 can thereby correlate the unrecognized guestdevice to a specific guest area of the hotel 101, for example, thecurrent guest's registered room as retrieved from the hotel's PMS 136.

FIG. 7 illustrates a user interface (UI) screen 700 provided by the UImodule 122 and/or the user profile server 170 allowing a specific userto modify their information in the user profile database 172. As shownin FIG. 7, each user may have any number of guest devices 102 associatedwith their user profile account. Device names are listed in column 702with each user device's corresponding device identifier (e.g., MACaddress) shown in column 704. These fields are editable by the user, andthe user may add new user devices or remove user devices to their userprofile at any time.

The UI screen 700 further allows each user to modify the useridentifiers associated with their account. As shown in FIG. 7, the useridentifiers associated with the account in this example are all thevarious loyalty program membership numbers utilized by the user atdifferent hospitality establishments. Each hospitality establishment islisted in column 710 with the user's corresponding loyalty programmember identifier and user type listed in columns 712 and 714,respectively. In some embodiments, the user may be able to freely adjustthe loyalty numbers in column 712, but may need to perform an upgradeprocess by clicking an “upgrade” button 720 in order to upgrade tohigher user type at a particular hospitality establishment in column714. The upgrade process may involve a monetary payment.

In addition to the UI module 122 within the service controller 106 atthe hotel 101, the user profile server 170 may also be operable toprovide web-based access to UI screen 700. In this way, any user mayaccess their user profile UI screen 700 from any location over theInternet 108. Before accessing UI screen 700, users may need toauthenticate themselves to either the UI module 122 or the user profileserver 170 such as by entering a username/password combination.Additionally, staff at the hotel 101, call center support staff, andadministrators of the user profile server 170 may be able to access theUI screen 700 for any user account in order to assist users whenrequired.

An exemplary use case scenario of UI screen 700 proceeds as follows: Auser creates a user profile on the user profile server 170. Byinteracting with UI screen 700, the user stores on their user profilethe MAC addresses of the electronic devices 102 they will take with themwhile travelling, and stores the loyalty program number identifiersbelonging to the user at the various hospitality establishments at whichthe user will be (or might be) a guest. The user then travels to any ofthe listed hospitality establishments and connects any of the listeduser devices 102 to the local LAN 104 available at the hospitalityestablishment.

Taking the situation where the user has already purchased Internetaccess at the hotel 101 (e.g., utilizing their mobile phone 102 b oranother method such as adding an Internet package to their room duringthe check-in procedure at the front desk), upon connecting anunrecognized guest device 102 such as their laptop computer 102 a to thenetwork 104, the laptop computer 102 a utilizes DHCP in order to obtainan IP address on the LAN 104. The process shown in FIG. 2 thus begins atstep 200 when receiving a DHCP message from the unrecognized laptop 102a and control proceeds to step 202 to identify a guest area 150 withwhich the laptop 102 is associated.

FIG. 8 is a flowchart describing functionality of the controller module120 automatically identifying a guest area 150 of the hotel of FIG. 1 bylooking up a device identifier (e.g., MAC address) specified in thereceived network traffic. The steps of the flowchart of FIG. 8 are notrestricted to the exact order shown, and, in other embodiments, shownsteps may be omitted or other intermediate steps added. In thisembodiment, the processors 118 execute one or more of the modules 120,122, 124, 126, 128 in order to cause the service controller 106 toperform the illustrated steps.

At step 800, the controller module 120 queries the user profile database172 to determine whether there is a user identifier (ID) that isassociated with the MAC address of the unrecognized laptop 102 aspecified in the network traffic received at step 200. As shown in FIG.1, the user profile database 172 in this embodiment is stored remote tothe hotel 101 at a central user profile server 170. Therefore, this stepmay be performed by the processors 118 sending and receiving networkpackets to/from the user profile server 170 via the first networkinterface 110 and the Internet 108.

With reference to UI screen 700 in FIG. 7, the user profile database 172associates each of a plurality of different user identifiers (IDs) incolumn 712 with one or more device identifiers (e.g., MAC addresses inthis embodiment) in column 704. A collection of different user IDs maybe associated with multiple MAC addresses such as when a single user hasvarious loyalty program member identifiers at different hospitalityestablishments and owns multiple user devices 102. For example, theexemplary user in FIG. 7 belongs to five different hospitality loyaltyprograms and has three MAC addresses corresponding to three differentguest devices (i.e., laptop computer 102 a, mobile phone 102 b, andtablet computer 102 c). Additionally, a single MAC address may beassociated with multiple user IDs, for example, the MAC address of thelaptop computer 102 a may also be associated with other user profileaccounts such as when multiple users share a corporate loaner laptopprovided as needed to different employees for travel.

In some embodiments, each hospitality establishment has a unique siteidentifier (column 710 of FIG. 7) and this site identifier may beutilized by the controller module 120 at that establishment 101 whenquerying the user profile database 172 in order to obtain the loyaltyprogram member identifier associated with the MAC address at thespecific hospitality establishment where the MAC address was detected.

For example, when the user is staying at the “Galactic Hotel (4)”, theMAC address of the user's laptop 102 a (“20-B0-D0-86-BB-F9”) isdetermined to be associated with user identifier “122-32-2345”.Alternatively, when the user is staying at the “Beaches Resort (135)”,the same MAC address of the user's laptop 102 a (“20-B0-D0-86-BB-F9”) isdetermined to be associated with a different user identifier “5E3DA7”.The user may thereby travel to different hospitality establishmentshaving different types of the loyalty program member identifiers, andthe user's various guest devices can still be correlated to the user'srespective user identifier as employed at each of the differenthospitality establishments.

At step 802, when the received MAC address is not associated with anyuser identifiers (IDs) in the user profile database 172, controlproceeds to step 804. Otherwise, when the received MAC address isassociated with one or more user identifiers (IDs) in the user profiledatabase 172, the particular user identifiers (IDs) are retrieved fromthe user profile database and control proceeds to step 806.

At step 804, the controller module 120 takes no further action for thisunrecognized user device 102 because the hotel's gateway/firewall module124 by default prevents unrecognized user devices 102 from accessing theInternet 108 and instead causes them to display the hotel'spredetermined login portal such as provided by the UI module 122. One ofthe previously described methods of identifying a guest area associatedwith the unrecognized guest device such as automatic room detection orhaving the guest input their room number during a sign-up procedure atthe login portal may still be performed at step 202 of FIG. 2.

At step 806, the controller module 120 queries the guest database 136 ofthe hotel 101 to determine whether a current guest of the hospitalityestablishment is associated with any of the particular user identifiers(IDs) found associated with the detected MAC address.

FIG. 9 illustrates an exemplary property management system (PMS)database 136 storing current guest identifiers for each of the guestareas 150 in the hotel 101. In this example, the guest database 136 isthe PMS database used by the PMS module 126 for room assignment at thehotel 101. In other embodiments, the PMS database 136 may actually be acached version of the true PMS database 136, which is stored in anotherstandalone PMS apparatus (not shown). When the PMS database 136 is acached version, the PMS module 126 may be operable to periodicallyretrieve information from the standalone PMS apparatus for storage inthe local, cached PMS database 136.

A room number column 900 indicates the particular guest area 150, a lastname column 902 indicates the last name of the current guest of thatguest area 150, the first name column 904 indicates the guest's firstname, a check-in time column 905 indicates the date and time that theguest checked in to the guest area 150, and a current guest identifier(ID) column 906 indicates an identifier of the current guest such as theloyalty program membership identifier used by the guest at the hotel101. Vacant rooms have a dash (“-”) in columns 902, 904, 905, 906 inthis example.

In a preferred embodiment, the user identifiers (IDs) stored in column712 of FIG. 7 and the current guest identifiers in column 906 of FIG. 6are loyalty program member identifiers utilized by the user. A uniqueuser ID is assigned to each guest participating in the hotel's loyaltyprogram such by issuing the guest with a membership card having the useridentifier printed thereon. When a guest makes a reservation or whenchecking into the hotel 101, the guest provides the hotel 101 with theuser's personal user identifier (e.g., loyalty program memberidentifier), which is thereafter stored in column 906 of the PMSdatabase 136 as the current guest identifier associated with theassigned room. Discounts, points and/or other benefits may be offered toloyalty program members to encourage guests to register their loyaltynumbers upon reservation and/or check-in at the hotel 101.

Utilizing loyalty program member identifiers as the user/guestidentifiers is beneficial to ensure each guest has a unique identifier.However, other types of user/guest identifiers may also be utilized inother embodiments. For example, check-in time and/or combinations of auser's personal identification information provided to the hotel uponreservation or check-in (name, age, phone #, credit card information,passport number, username, password, etc.) may also be utilized as theuser/guest identifier in other embodiments.

At step 808, when a current guest of the hotel 101 is associated withone of the particular user identifiers, control proceeds to step 810 tocontinue the process. Otherwise, when no current guest of the hotel 101is associated with any of the particular user identifiers determined atstep 806, the users associated with these user identifiers (IDs) are notcurrent guests of the hotel 101. Therefore, no room is determined to beassociated with the unrecognized laptop computer 102 a using automaticdevice identifier lookup (control returns to step 804). Other methods ofidentifying a guest area associated with the unrecognized guest devicesuch as automatic room detection or having the guest input their roomnumber during a sign-up procedure at the login portal may still beperformed at step 202 of FIG. 2.

At step 810, the unrecognized guest device 102 is automaticallydetermined to be associated with the guest area 150 found registered tothe guest of the hotel 101 at step 808. Assuming the guest is theexemplary user of FIG. 7 and the hotel 101 is the “Galactic Hotel (4)”,the MAC address “20-B0-D0-86-BB-F9” of the unrecognized laptop 102 awill be found associated with guest identifier “122-32-2345” in the userprofile database 172 (step 802). Therefore, the controller module 120determines the unrecognized laptop computer 102 a to be associated with“Guest room 117” because this is the guest area 150 associated withguest identifier “122-32-2345” in the hotel's PMS database 136 (see step808 of FIG. 8 and row 910 of FIG. 9).

Continuing the description of the overall process in FIG. 2, assumingthat a guest area 150 of the hotel 101 has now been identified by thecontroller module 120 at step 202 [e.g., by utilizing any suitablemethod such as one of 1) receiving the room number from the guest deviceas entered into a web-based login portal, 2) automatically detectingthrough room detection tracing the network traffic back to a sourceaccess-node, and/or 3) looking up a user associated with the guestdevice identifier of the received network traffic and searching thehotel's PMS database 136 to find the room for which that user iscurrently registered], control proceeds to step 204.

At step 204, the controller module 120 checks to see if there is anunexpired login record for the identified guest area 150 (e.g., “Guestroom 117”) in the login database 130. As previously described, column306 of the login database 130 specifies the expiry time for each alreadypurchased Internet package at the hotel 101. By searching for any rowsthat have the identified guest area 150 in column 304 and have an expirytime in column 306 that is still in the future, the controller module120 can determine whether an unexpired login exists for the identifiedguest area 150. For example, the unexpired login 312 in FIG. 3 indicatesthat another guest device 102 (e.g., MAC-5) associated with theidentified guest area 150 (“Guest room 117”) has previously been grantedInternet 108 access and that an allowed access duration for the otherguest device 102 has not yet expired. When an unexpired login exists forthe identified guest area 150, control proceeds to step 210; otherwise,when there is no unexpired login for that guest area 150, controlproceeds to step 206.

At step 206, the controller module 120 takes no further action becauseno guest of the identified guest area 150 has already purchased anInternet package (or all previously purchased packages associated withthat guest area 150 have expired). The unrecognized guest device 102 ais therefore directed to the hotel's login portal by thegateway/firewall module 124 according to the default rule of thefirewall rules 134. At the login portal, the guest can select one of theavailable Internet access packages at the hotel 101 and arrange paymentoptions, e.g., credit card, add to room folio, cash payment at frontdesk, etc. This is similar to a normal Internet sign-up process asdescribed in the background section. Once an Internet package has beenpurchased, control proceeds to step 208.

At step 208, the UI module 122 providing the login portal creates alogin record for the guest area 150 identified during the login process.For example, when the user identifies that they are in “Guest room 117”during the billing process, a login record such as row 312 is created inthe login database 130. Any of the above-described methods foridentifying a guest area associated with a guest device at step 202(e.g., room detection, device identifier lookup) or another method mayalso be applied by the UI module 122 during the Internet sign-up processto avoid the need for the guest to manually specify their room number atthe login portal.

Once the guest area 150 is identified during the purchase process, thevalue of the guest identifier for storage in column 302 of the loginrecord 312 is automatically retrieved for that guest area 150 by the UImodule 122 from the hotel's PMS database 136. For example, the guestidentifier for storage in column 302 can be the loyalty member of thecurrent guest in the identified room as retrieved from column 906 of thePMS database 136. This embodiment beneficially does not require that theguest provide their guest identifier (e.g., value stored in column 906of the PMS database 136) during the HSIA sign-up process at the loginportal. In a preferred embodiment, when the guest is initially signingup for Internet access and connecting to the LAN 104 over a wirelessconnection, the hotel's login portal requires the guest to type in theirlast name and room number during the HSIA sign-up process to verifytheir identify. The last name and room number are checked against thePMS database 136 to confirm that the last name entered really matchesthe current guest of the specified room. In this way, the charge for theselected Internet package can be added to the guest's room folio.Alternatively, device identifier lookup can be utilized to automaticallyidentify the guest and room number without requiring this information tobe entered by the guest at the login portal. When the guest isconnecting to the LAN 104 over a wired connection, automatic roomdetection as described above can be performed by the UI module 122 sothe guest is not required to enter their room number or last name duringthe Internet signup process.

The UI module 122 then retrieves the current guest's loyalty number (orother guest identifier) from column 906 the PMS 136 for the identifiedguest room 150 and stores it as the stored guest identifier in column302 of the room's login record (e.g., see login record 312 for “Guestroom 117” in FIG. 3). As previously noted, it is not required that thestored guest identifier stored in column 302 must be a loyalty programmember number, last names or other guest information such as check-intime may be used instead, but loyalty program numbers are preferred whenavailable because they are unique to each guest, already stored in thehotel's PMS database 136, and can be automatically retrieved after theguest area 150 is identified during the HSIA sign-up process.

As shown in FIG. 9, the PMS database 136 in this example specifies thecheck-in time in column 905 for each guest area 150. This check-in time905 (or last guest check-out time etc.) may be utilized as another typeof guest identifier. For example, a particular guest of the hotel 101can be identified as being the guest who checked into “Guest room 117”at 00:01 on Aug. 18, 2012. Using the guest's check-in time in column 905as the guest identifier rather than the loyalty program identifier incolumn 906 is useful at hospitality establishments 101 where guests areanonymous or when a guest does not provide any personal information suchas a loyalty member identifier to the hospitality establishment 101. Inthese situations, the check-in time of the identified guest area 150 incolumn 905 at the time of HSIA purchase/initial login is stored as thestored guest identifier in column 302 of the login database 130. Thestored guest identifier 302 is later compared with the current guestidentifier being the check-in time of the current guest of theidentified guest area 150 in column 905 as retrieved from the PMSdatabase 136 when a future unrecognized guest device 102 is found to beassociated with that room (see below description of step 210).

Combinations of different fields of data in the PMS database 136 such asuser information (last name 902/first name 904) hashed with check-intime in column 905 may also be utilized by the controller module 120 asan automatically generated guest identifier in column 906. Similar toutilizing loyalty program identifiers, this allows different guestshaving the same first/last name to be differentiated by forming theirrespective guest identifiers in column 906 according to check-in time905 hashed or otherwise combined with other guest information such aslast name 902 and/or first name 904.

Step 210 of the flowchart in FIG. 2 is reached when there is already anunexpired login for the guest area 150 identified at step 202. In otherwords, the unrecognized user device 102 is known to be associated with aguest area 150 of the hotel 101 that has an unexpired HSIA login record.In this situation, the unrecognized guest device 102 may or may not bean additional guest device of the same guest of that room who alreadypurchased an Internet package. The controller module 120 in thisembodiment determines whether or not it is the same guest by comparingthe stored guest identifier in column 302 of the unexpired login 312 forthe identified room with the current guest identifier in column 906 ofthe PMS database 136 for the same room. In other embodiments, thecomparison is between the stored guest identifier in column 302 with thecheck-in time of the current guest in that room as specified in column905 of the PMS database 136, or with a (same) combination of fields ofthe PMS database 136 in that room that were utilized for storing thestored guest identifier during step 208.

Continuing the example where the stored guest identifier stored at step208 and the current guest identifier checked at step 210 correspond toloyalty program member identifiers, in the event the stored guestidentifier in column 302 of the room's unexpired login record isdifferent than the current guest identifier for the same room in column906 of the PMS database 136, this means the room's previous guest hasnow checked out and a new guest has been assigned the room (e.g., “Guestroom 117”). In this situation, the unrecognized user device 102 is nottreated as an additional device and control returns to step 206 toredirect the unrecognized user device to the hotel's login portal andcreate a new login record (see previously described steps 206 and 208).

Alternatively, when the stored guest identifier in column 302 of theroom's unexpired login record matches the current guest identifier forthe same room in column 906 of the PMS database 136, this means the sameguest who has already purchased an Internet package is still in theroom. The stored guest identifier in column 302 of unexpired loginrecord 312 for “Guest room 117” corresponds to the guest of “Guest room117” at the time the unexpired login was created (e.g., at initialpurchase time)—see previously described step 208 where the login recordis created. In contrast, the current guest identifier in column 906 ofthe PMS database 136 for “Guest room 117” (see row 910 of FIG. 9)corresponds to the current guest of “Guest room 117” as is now specifiedin the PMS database 136, which may be several hours or even days afterthe room's login record 312 was created. When the stored guestidentifier in column 302 matches the current guest identifier in column906, the controller module 120 thereby knows the room's guest has notchanged since the Internet package was initially purchased. Theunrecognized guest device 102 is therefore treated as an additionalguest device added onto that same guest's already purchased Internetpackage. Control in this situation proceeds to step 212.

At step 212, the controller module 120 retrieves the allowed number ofguest devices in column 309 of the unexpired login record 312 for theidentified guest area 150 (“Guest room 117” in this example). Thecontroller module 120 further counts the total number of guest devicesthat are already logged in and associated with that same guest area 150(“Guest room 117” in this example). The count may be obtained by thecontroller module 120 counting the number of rows of the login database130 that have the identified guest area 150 (“Guest room 117” in thisexample) in column 304 and that have the same stored guest identifier incolumn 302 and the same allowed access duration to the hotel's HSIAservice in column 306. The number of rows for “Guest room 117” havingthe same details in this example is a single row 312. Since, only onedevice has been associated with this login record, the number of allowedguest devices in column 309 of this login record 312 (e.g., “max. 3allowed guest devices”) has not yet been reached and control proceedsstep 220.

Alternatively, in another example, assume the guest area 150 identifiedat step 202 was “Guest room 105”. As shown in an exemplary unexpiredlogin record labeled 310 of FIG. 3, there are already three unexpiredguest devices logged in for “Guest room 105”; therefore, the allowednumber of guest devices in column 309 for this login record 310 (“3” inthis example) has been reached. Control proceeds to step 214 in such asituation.

At step 214, because allowing an additional guest device to access thehotel's HSIA service would exceed the allowable number of guest devicesfor that room's unexpired login record, the UI module 122 causes theunrecognized user device 102 to display an additional guest device loginscreen.

FIG. 10 illustrates an additional guest device login screen 1000provided to a guest device 102 by the UI module 122. Because theunrecognized user device 102 is not yet logged in, the gateway/firewallmodule 124 in this embodiment by default redirects the unrecognized userdevice 102 to the UI module 122, which can send the additional devicelogin screen 1000 as a web page similar to how it sends the hotel'slogin portal. Screen 1000 may in fact be a part of the hotel's loginportal in some embodiments.

The illustrated example in FIG. 10 assumes the guest is staying in“Guest room 105” and has the unexpired login record 310 in FIG. 3indicating the guest already has three guest devices 102 logged in,which is also their allowed number of guest devices in column 309. Afirst section 1004 of the additional guest device login screen 1000provides the guest the option to upgrade their Internet package to ahigher allowed number of guest devices. When the guest clicks button1008, an additional charge is automatically billed to the guest's roomand the allowed number of guest devices stored in column 309 for theroom's login record 310 is increased to “10” in this example. Increasingthe allowed number of devices corresponds to step 216 in FIG. 2.

Another option, i.e., to log out an existing device, is presented to theguest in a second section 1006 of screen 1000. The three guest devices102 that are already logged in are shown with selection boxes allowingthe guest to choose which prior guest device(s) 102 to log out. Bylogging out one of the currently logged in devices 102, the user canthen log in the unrecognized device 102 that they are now utilizingwithout increasing the room's allowed number of guest devices. Uponchoosing to log out a particular device 102, e.g., the device havinghostname “davidong-laptop” in FIG. 10, the rule in the firewall rule 134clearing this device for Internet access is dynamically deleted by thecontroller module 120 and the row of the login database 130corresponding to this device is deleted (or deactivated, or moved to ahistory archive, etc.). In this way, the prior guest device 102 that isselected for logout will no longer be able to access the Internet 108and the unrecognized user device 102 the user is currently using can belogged in instead.

In an alternative embodiment, rather than allowing or requiring theguest to select which prior guest device 102 associated with their loginrecord 310 to delete, the controller module 120 can automatically selectthe prior guest device 102 for logout. In an example, the controllermodule 120 automatically logs out the oldest prior guest device 102 asdetermined by tracking the exact time that each guest device 102 islogged in (e.g., using another column not shown in login database 130).In another example, the controller module 120 may keep track of whichdevices are currently connected to the hotel LAN 104 such as by pingingeach logged in guest device 102. If a particular prior guest device isfound to no longer be connected to the LAN 104, e.g., does not reply toone or more pings, the controller module 120 automatically selects thatunconnected prior guest device 102 for logout. Logging out a prior guestdevice 102 corresponds to step 218 in FIG. 2, and may also be doneautomatically in other embodiments by the controller module 120 withoutrequiring the unrecognized guest device 102 to display screen 1000.

At step 220, the controller module 120 logs in the unrecognized guestdevice 102 by adding a new row for it in the login database 130. Thevalue of the device identifier in column 300 is the source MAC address(or IP address or other device identifier) specified in network trafficreceived at step 200. The remaining columns 302, 304, 306, 308 arecopied from the unexpired login record for the identified guest area150. In this way, the network service is provided to the new guestdevice 102 with a service entitlement set according to the serviceentitlement of the unexpired login. Returning again to the example wherethe identified guest area 150 is “Guest room 117” and the unexpiredlogin is record 312 in FIG. 3, the unrecognized guest device will belogged in with its own MAC address in column 300 along with a storedguest ID 302 of “122-32-2345”, a guest area 304 of “Room 117”, an HSIAexpiry 306 of “2012/08/17 00:01”, a maximum bandwidth 308 of “256 kbps”,and an allowed number of guest devices 309 of “3”.

At step 222, the controller module 120 updates the firewall rules 134 toclear the now logged in guest device 102 for Internet access. Similar toa regular login, this can be done by adding a device-specific rule forthe MAC address of the guest device 102 so that network traffic fromthis device is allowed to pass to the Internet 108. Later, when theexpiry time in column 306 of the unexpired login 312 is reached, thecontroller module 120 updates the firewall rules 134 to remove therule(s) allowing Internet access for the guest device(s) 102 associatedwith the expired login. In this way, the controller module 120automatically allows the unrecognized guest device 102 to access theInternet 108 for a remaining portion of the allowed access duration ofthe unexpired login 312.

In an advantageous embodiment, the system 100 does not solely rely onverifying information entered by the guest at a web-based login portalin order to determine that an unrecognized guest device is actually anadditional device of a guest who has already purchased an Internetpackage. Instead, the guest area 150 associated with the unrecognizeddevice is identified and a stored guest identifier (e.g., column 302) inan unexpired login record for the identified guest area 150 is comparedwith a current guest identifier (e.g., column 906) as specified in thePMS database 136 for the identified guest area 150. Because the storedguest identifier (e.g., column 302) corresponds to the guest identifierthat was stored in the PMS database 136 for the guest area 150 at thetime the login record was created, if they still match then thecontroller module 120 knows that the unrecognized device is actually anadditional device of the guest who purchased the unexpired Internetpackage. In this way, many problems caused by poor typists or users whoenter fake or inconsistent guest information when trying to first log ina guest device and then add an additional guest device to their existingaccount are prevented.

In an advantageous embodiment, the system 100 supports transparentgranting of access to the network service (e.g., HSIA) for an additionalguest device. This is beneficial for guest devices that are not able tobe logged in at the hotel's login portal. With transparent granting ofHSIA, the controller module 120 automatically allows the additionalguest device to access the Internet 108 for the remaining portion of theallowed access duration of the unexpired login in a manner transparentto the additional guest device. For example, the process of FIG. 2 canbe started from the reception of a DHCP message or a connection requestat the service controller 106. The process of FIG. 2 can proceed throughthe steps as previously described without further involvement of theadditional guest device 102. In this way, the additional guest device102 is not required to display a web page from a login portal of thehospitality establishment before gaining access to the network service.The guest can instead first purchase Internet access using a guestdevice 102 that is able to log in at the login portal, and then otherguest devices 102 that cannot be logged in at the login portal can beadded as additional guest devices and cleared for Internet accesswithout requiring the guest to contact technical support.

The granting of access to the network service may be transparent while,in another embodiment, also optionally sending a welcome screen to eachadditional guest device 102 after it is automatically granted Internetaccess and logged in. The viewing of the welcome screen is optionalmeaning the additional device is already transparently cleared forInternet 108 access before being sent the welcome screen for display;therefore, if it is not capable or permitted to display the welcomescreen for whatever reason, it can still access the Internet 108. Forexample, the gateway/firewall module 124 may attempt one time toredirect each new additional guest device to the IP address of the UImodule 122 to display the welcome screen. As soon as the first attemptis done, the redirect rule is automatically removed for that guestdevice 102 and no further redirection attempts will be made by thegateway/firewall module 124. In this way, the HSIA service is bothtransparently activated for additional guest devices that cannot displaythe welcome screen, and includes the welcome screen for additional guestdevices that can display the welcome screen.

In an advantageous embodiment, the network traffic received at step 200can be a DHCP message. When the process of FIG. 2 begins at step 200upon receiving a DHCP message containing the user device's MAC address,the HSIA service activation at step 222 automatically occurs soon afterthe connection of the guest device 102 to the LAN 104. Therefore, theguest is generally able to access external websites 160 on the Internet108 immediately after connection of an additional guest device 102 tothe hotel LAN 104. In the event that the additional guest device 102requests an external website 160 before the firewall rules 134 areupdated to activate the HSIA service for the additional guest device 102and is therefore blocked, upon a subsequent retry of the connectionrequest by the additional guest device 102, the firewall rules 134 willhave been updated and the connection request will succeed. Delay to theuser is thereby minimized in this embodiment by triggering the start ofthe additional device login process of FIG. 2 with the reception (atstep 200) of an unrecognized MAC address in a DHCP message on the LAN104.

The number of allowable guest devices for a particular unexpired loginrecord can be configured at a Room Profile level, where the hoteladministrator can turn the feature on and select the number ofadditional devices the room is allowed. In this embodiment, each roomprofile has a configuration option for the maximum number of additionaldevices allowed in that room or that type of room. The default is 0,which means no additional devices are allowed after the first device islogged in. Each room may have a different maximum number of allowedadditional devices specified on its Room Profile. For example, apresidential suite may have an unlimited or high number such as 99additional devices, and a basic room may have a low number such as 3additional devices.

The allowed number of additional devices may alternatively be set at aBilling Options level rather than the Room Profile. A benefit of thisembodiment is to allow the hotel to upsell the support of additionalguest devices as a feature to guests. For example, the hotel could offera “Basic” HSIA package that allows 1 additional device for $5, and an“Enhanced” HSIA package that allows 3 additional devices for $7. InBilling Options, a hotel administrator can configure the number ofadditional logins the billing option allows from 0 and up. A negativevalue such as −1 or a predetermined maximum value such as 99 may beutilized to specify “unlimited” additional devices.

In another embodiment, both Room Profile and Billing Profile settingsmay be utilized together. For example, each room may have a defaultmaximum number of additional devices specified according to the roomtype. When the guest purchases a certain billing package, if the allowednumber of additional devices specified by the billing package exceedsthe room default, then the guest will receive the number specified bythe billing package.

Service entitlements allocated to the guest during the login process maybe automatically shared by the collection of guest devices 102associated with the guest's login record. For example, when the guestchooses an HSIA billing package allowing a maximum bandwidth of 1 Mbps,the 1 Mbps is shared among all the guest devices utilized by the guest.I.e., the primary guest device and any additional guest devices loggedin for free afterwards. Alternatively, each device logged in andassociated with the room's billing record may receive the full maximumbandwidth of 1 Mbps regardless of how much data the other devices loggedin for that room utilize.

In addition to HSIA as described in the above examples, otherembodiments of the invention may be applied to other types of networkservices accessed by guest devices over the computer network 104 of ahospitality establishment 101. For example, an additional guest devicemay be automatically added to an unexpired login for network servicessuch as video-on-demand (VOD) playback, pay-per-view, room control, TVcontrol, etc.

In an exemplary embodiment, network traffic is received from a guestdevice on a computer network of a hospitality establishment, and a guestarea of the hospitality establishment is accordingly identified. A logindatabase is queried to find an unexpired login for the guest area, theunexpired login specifying a stored guest identifier corresponding toinformation retrieved from a property management system of thehospitality establishment regarding a guest of the guest area at a timewhen the unexpired login was created. The stored guest identifier of theunexpired login is compared with a current guest identifier of the guestarea retrieved from the property management system regarding a currentguest of the guest area. When the stored guest identifier matches thecurrent guest identifier, the guest device is automatically allowed toaccess the network service for a remaining portion of the allowed accessduration of the unexpired login.

In an exemplary embodiment, network traffic is received from a guestdevice on a computer network of a hospitality establishment, the networktraffic including a device identifier of the guest device. It isdetermined, based upon the device identifier, that the guest device isnot already authorized to access the network service at a time thenetwork traffic is received, the guest device hence considered to be anunrecognized guest device. A user profile server is queried to determinea user identifier that is associated with the device identifier of theguest device. The login database is queried to find an unexpired loginrecord of a different authorized guest device associated with the useridentifier, the unexpired login record granting the different authorizedguest device access to the network service for an allowed accessduration. The unrecognized guest device is automatically granted accessto the network service for a remaining portion of the allowed accessduration of the unexpired login record of the authorized guest device.The unrecognized guest device is automatically granted access to thenetwork service without the device identifier of the unrecognized guestdevice being stored in the login database prior to receiving the networktraffic from the unrecognized guest device.

In an exemplary embodiment, network traffic, including a deviceidentifier, is received from an unrecognized guest device on a computernetwork of a hospitality establishment. A user profile server is queriedto determine a user identifier that is associated with the deviceidentifier of the guest device. A properly management system is queriedto determine whether the user identifier is associated with a currentguest of the hospitality establishment, and, when yes, to determine aguest area registered to the current guest. A login database is queriedto find an unexpired login record of an authorized guest deviceassociated with the guest area, the unexpired login record granting theauthorized guest device access to the network service for an allowedaccess duration. The unrecognized guest device is automatically grantedaccess to the network service for a remaining portion of the allowedaccess duration of the unexpired login record.

Although the invention has been described in connection with a preferredembodiment, it should be understood that various modifications,additions and alterations may be made to the invention by one skilled inthe art without departing from the spirit and scope of the invention asdefined in the appended claims. In an example, upon receiving a PMScheckout message for the guest associated with an unexpired loginrecord, the controller module 120 may automatically expire the networkaccess for all guest devices 102 associated with that guest's nowchecked out room. In another example, although the above examples havefocused on deployments where guests are required to purchase access tothe network service (e.g., HSIA access), it is not requirement thataccess to the network service be purchased. In some embodiments, theInternet package at the hotel 101 may be free and allow up to 3 (or anyother number) of additional guests to be added for each room. In such asystem, the techniques described herein can be beneficially utilized toautomatically recognize and grant access to the additional guest devicesthereby saving the user of having to re-accept the terms and conditionsof the free Internet service at the hotel and any other steps andrequirements that were originally done by the user when initiallysigning up to use the Internet service on the first guest device.

In the above description, the exemplary user indication of “guest” isutilized to refer to users as it common for customers of a hospitalityestablishment to be referred to as guests. However, it is not arequirement that the guests must be customers of the hospitalityestablishment and the term guest in this description includes otherusers such as current guests in the hotel, people who are attending aconference or meeting in the hotel, staff members at the hotel, or anyother person or user who may need or want to access a network serviceover a computer network at the hospitality establishment. Future gueststhat have reservations, potential future guests that don't yet havereservations, and other users may also be given access to the networkservice on their guest devices. For example, a demonstration of thetechnology may be available in a hotel lobby guest area and all userswould be able to utilize multiple guest devices in order to try out thesystem 100. Additionally, it is not necessary that the users bring theirown guest devices 102. In another configuration, one or more of theguest devices 102 may be provided to the user by the hotel 101. Itshould also be noted that although portable devices that are easilycarried are anticipated by the inventors as being particularly useful asguest devices 102, it is not a strict requirement that the guest devices102 be easily carried. Other devices such as desktop computers that areof a more permanent nature may also act as guest devices 102 inconjunction with the invention.

Although the invention has been described as being utilized at a hotel,the invention is equally applicable to any hospitality relatedestablishment providing a service to guest devices over a computernetwork including but not limited to hotels, motels, resorts, conferencecenters, hospitals, apartment/townhouse complexes, restaurants, coffeeshops, retirement centers, cruise ships, busses, airlines, shoppingcenters, passenger trains, etc. The invention may also be beneficiallyemployed in other applications outside the hospitality industry such asby corporations or any other entity wishing to allow users to utilize anetwork service from multiple user devices.

The various separate elements, features, and modules of the inventiondescribed above may be integrated or combined into single units.Similarly, functions of single elements, features, and modules may beseparated into multiple units and modules.

The modules may be implemented as dedicated hardware modules, and themodules may also be implemented as one or more software programsexecuted by a general or specific purpose processor to cause theprocessor to operate pursuant to the software program to perform theabove-described module functions. For example, the service controller106 of FIG. 1 may be implemented by a computer server having one or moreprocessors 118 executing a computer program loaded from a storage mediasuch as storage device 114 to perform the above-described functions ofthe modules.

The flowcharts represent functionality and algorithms that may beimplemented by dedicated hardware, and may also be implemented as one ormore software programs executed by a general or specific purposeprocessor(s) to cause the processor(s) to operate pursuant to thesoftware program to perform the flowchart steps. In this way, a tangiblecomputer-readable medium stores computer executable instructions thatwhen executed by a computer cause the computer to performabove-described steps of FIG. 2, FIG. 5, FIG. 8. Examples of thetangible computer-readable medium include optical media (e.g., CD-ROM,DVD discs), magnetic media (e.g., hard drives, diskettes), and otherelectronically readable media such as flash storage devices and memorydevices (e.g., RAM, ROM). The computer-readable medium may be local tothe computer executing the instructions, or may be remote to thiscomputer such as when coupled to the computer via a computer network.For example, the service controller 106 of FIG. 1 may be implemented bya computer having one or more processors 118 executing a computerprogram loaded from a hard drive located within the computer orelsewhere to perform the steps of the various flowcharts and abovedescription. In one embodiment, the computer is a computer serverconnected to a network such as the Internet 108 and the computer programstored in the hard drive may be dynamically updated by an update server(not shown) coupled to the Internet 108. In addition to a dedicatedphysical computing device, the word “server” may also mean a servicedaemon on a single computer, virtual computer, or shared computer, forexample.

Unless otherwise specified, features described may be implemented inhardware or software according to different design requirements.Additionally, all combinations and permutations of the above describedfeatures and embodiments may be utilized in conjunction with theinvention.

What is claimed is:
 1. An apparatus for controlling access to a networkservice provided over a computer network of a hospitality establishment,the apparatus comprising: a network interface coupled to the computernetwork; a storage device; and one or more processors coupled to thenetwork interface and the storage device; wherein, by the one or moreprocessors executing software instructions loaded from the storagedevice, the one or more processors are configured to: receive networktraffic from a guest device via the computer network, the networktraffic including a device identifier of the guest device; determine,based upon the device identifier, whether the guest device is alreadyauthorized to access the network service at a time the network trafficis received and consider the guest device to be an unrecognized guestdevice when the guest device is determined to not already be authorizedto access the network service; query a user profile server to determinea user identifier that is associated with the device identifier of theunrecognized guest device; query a property management system (PMS) ofthe hospitality establishment to determine whether the user identifieris associated with a current guest of the hospitality establishment,and, when yes, to determine a guest area registered to the currentguest; query a login database to find an unexpired login record of anauthorized guest device associated with the guest area, the unexpiredlogin record granting the authorized guest device access to the networkservice for an allowed access duration, wherein a stored deviceidentifier in the unexpired login record of the authorized guest deviceis different from the device identifier of the unrecognized guestdevice; and automatically grant the unrecognized guest device access tothe network service for a remaining portion of the allowed accessduration of the unexpired login record of the authorized guest device;whereby, the unrecognized guest device is automatically granted accessto the network service without the device identifier of the unrecognizedguest device being stored in the login database prior to receiving thenetwork traffic from the unrecognized guest device.
 2. The apparatus ofclaim 1, wherein, in response to being unable to find the unexpiredlogin record of any authorized guest device associated with the useridentifier, the one or more processors are configured to require theunrecognized guest device to successfully complete a login process at alogin portal before granting the unrecognized guest device access to thenetwork service.
 3. The apparatus of claim 1, wherein, in response todetermining that the guest device from which the network traffic isreceived is already authorized to access the network service at the timethe network traffic is received, the one or more processors areconfigured to automatically grant the guest device access to the networkservice.
 4. The apparatus of claim 1, wherein, in response to beingunable to find any user identifier associated with the device identifierof the unrecognized guest device on querying the user profile server,the one or more processors are configured to require the unrecognizedguest device to successfully complete a login process at a login portalbefore granting the unrecognized guest device access to the networkservice.
 5. The apparatus of claim 1, wherein the hospitalityestablishment is a lodging establishment, the guest area is a guest roomof the lodging establishment, and the network service is Internetaccess.
 6. The apparatus of claim 1, wherein the one or more processorsare configured to automatically grant the unrecognized guest deviceaccess to the network service for the remaining portion of the allowedaccess duration in a manner transparent to the unrecognized guestdevice, whereby the unrecognized guest device is not required to displaya web page from a login portal of the hospitality establishment beforegaining access to the network service.
 7. The apparatus of claim 1,wherein the one or more processors are further configured to: count atotal number of authorized guest devices that are associated with theunexpired login record; and automatically grant the unrecognized guestdevice access to the network service for the remaining portion of theallowed access duration only when the total number of authorized guestdevices has not already reached a predetermined allowable number ofdevices.
 8. The apparatus of claim 7, wherein the predeterminedallowable number of devices is specified according to billing details ofthe unexpired login record.
 9. The apparatus of claim 8, wherein thepredetermined allowable number of devices is specified according to aprofile of the guest area of the hospitality establishment with whichthe user identifier is associated.
 10. The apparatus of claim 8,wherein, when the total number of authorized guest devices has alreadyreached the predetermined allowable number of devices, the one or moreprocessors are configured to cause the unrecognized guest device todisplay a deletion screen giving an option to log out an alreadyassociated authorized guest device before allowing the unrecognizedguest device to access the network service.
 11. The apparatus of claim8, wherein, when the total number of authorized guest devices hasalready reached the predetermined allowable number of devices, the oneor more processors are configured to cause the unrecognized guest deviceto display a billing screen giving an option to increase thepredetermined allowable number of devices for a monetary charge.
 12. Theapparatus of claim 1, wherein the network traffic received from theguest device is a dynamic host configuration protocol (DHCP) messageautomatically broadcast on the computer network by the guest device whenit is connected to the computer network.
 13. The apparatus of claim 1,wherein the network traffic received from the guest device is webtraffic sent by the guest device to a login portal of the hospitalityestablishment.
 14. The apparatus of claim 1, wherein the network trafficreceived from the guest device is a connection request sent by the guestdevice for a website on the Internet received at a default gateway ofthe computer network.
 15. A method of controlling access to a networkservice provided over a computer network of a hospitality establishment,the method comprising: receiving network traffic from a guest device viathe computer network, the network traffic including a device identifierof the guest device; determining, based upon the device identifier,whether the guest device is already authorized to access the networkservice at a time the network traffic is received and considering theguest device to be an unrecognized guest device when the guest device isdetermined to not already be authorized to access the network service;querying a user profile server to determine a user identifier that isassociated with the device identifier of the unrecognized guest device;querying a property management system (PMS) of the hospitalityestablishment to determine whether the user identifier is associatedwith a current guest of the hospitality establishment, and, when yes,determining a guest area registered to the current guest; querying alogin database to find an unexpired login record of an authorized guestdevice associated with the guest area, the unexpired login recordgranting the authorized guest device access to the network service foran allowed access duration, wherein a stored device identifier in theunexpired login record of the authorized guest device is different fromthe device identifier of the unrecognized guest device; andautomatically granting the unrecognized guest device access to thenetwork service for a remaining portion of the allowed access durationof the unexpired login record of the authorized guest device; whereby,the unrecognized guest device is automatically granted access to thenetwork service without the device identifier of the unrecognized guestdevice being stored in the login database prior to receiving the networktraffic from the unrecognized guest device.
 16. The method of claim 15,further comprising, in response to being unable to find the unexpiredlogin record of any authorized guest device associated with the useridentifier, requiring the unrecognized guest device to successfullycomplete a login process at a login portal before granting theunrecognized guest device access to the network service.
 17. The methodof claim 15, further comprising, in response to being unable to find anyuser identifier associated with the device identifier of theunrecognized guest device on querying the user profile server, requiringthe unrecognized guest device to successfully complete a login processat a login portal before granting the unrecognized guest device accessto the network service.
 18. The method of claim 15, wherein thehospitality establishment is a lodging establishment, the guest area isa guest room of the lodging establishment, and the network service isInternet access.
 19. The method of claim 15, further comprisingautomatically granting the unrecognized guest device access to thenetwork service for the remaining portion of the allowed access durationin a manner transparent to the unrecognized guest device, whereby theunrecognized guest device is not required to display a web page from alogin portal of the hospitality establishment before gaining access tothe network service.
 20. A non-transitory processor-readable mediumcomprising a plurality of processor-executable instructions that whenexecuted by one or more processors cause the one or more processors toperform steps of: receiving network traffic from a guest device via acomputer network of a hospitality establishment, the network trafficincluding a device identifier of the guest device; determining, basedupon the device identifier, whether the guest device is alreadyauthorized to access the network service at a time the network trafficis received and considering the guest device to be an unrecognized guestdevice when the guest device is determined to not already be authorizedto access the network service; querying a user profile server todetermine a user identifier that is associated with the deviceidentifier of the unrecognized guest device; querying a propertymanagement system (PMS) of the hospitality establishment to determinewhether the user identifier is associated with a current guest of thehospitality establishment, and, when yes, determining a guest arearegistered to the current guest; querying a login database to find anunexpired login record of an authorized guest device associated with theguest area, the unexpired login record granting the authorized guestdevice access to the network service for an allowed access duration,wherein a stored device identifier in the unexpired login record of theauthorized guest device is different from the device identifier of theunrecognized guest device; and automatically granting the unrecognizedguest device access to the network service for a remaining portion ofthe allowed access duration of the unexpired login record of theauthorized guest device; whereby, the unrecognized guest device isautomatically granted access to the network service without the deviceidentifier of the unrecognized guest device being stored in the logindatabase prior to receiving the network traffic from the unrecognizedguest device.